USB: sisusbvga: fix oops in error path of sisusb_probe

scsi: libsas: delete sas port if expander discover failed

potential NULL dereference in qla2xx SCSI driver.

KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID

rtlwifi: Fix potential overflow on P2P code

kvm: nVMX: fixed L2 guest possible tricking the L0 hypervisor to access sensitive L1 resources

media: b2c2-flexcop-usb: add sanity checking

fix a heap overflow in mmwifiex_process_tdls_action_frame()

net: qlogic: Fix memory leak in ql_alloc_large_buffers

printk: hash addresses printed with %p

vhost: Check docket sk_family instead of call getname

HID: hiddev: avoid opening a disconnected device

vgacon: Fix a UAF in vgacon_invert_region

mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings

slcan: Don't transmit uninitialized stack data in padding

floppy: check FDC index for errors before assigning it

vt: selection, close sel_buffer race

mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf

HID: Fix assumption that devices have inputs

brcmfmac: screening firmware event packet

USB: adutux: fix use-after-free on disconnect

media: stv06xx: add missing descriptor sanity checks

fix use-after-free in drivers/net/phy/mdio_bus.c

libertas: Fix two buffer overflows at parsing bss descriptor

USB: iowarrior: fix use-after-free on release

USB: core: Fix races in character device registration and deregistraion

mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring

mremap: properly flush TLB before releasing the page

Input: ff-memless - kill timer in destroy()

media: xirlink_cit: add missing descriptor sanity checks

Input: add safety guards to input_set_keycode()

media: ov519: add missing endpoint sanity checks

x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation

media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()

can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices

media: dvb-usb-v2: lmedm04: Improve logic checking of warm start

ALSA: core: Fix card races between register and disconnect

can: peak_usb: fix slab info leak

media: rc: prevent memory leak in cx23888_ir_probe

can, slip: Protect tty->disc_data in write_wakeup and close with RCU

vfio: access to disabled MMIO space of some devices may lead to DoS scenario

vfio: access to disabled MMIO space of some devices may lead to DoS scenario

fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()

of: unittest: fix memory leak in unittest_data_add

crypto: user - fix memory leak in crypto_report

net-sysfs: call dev_hold if kobject_init_and_add success

hdpvr: Fix an error handling path in hdpvr_probe()

can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices

GFS2: don't set rgrp gl_object until it's inserted into rgrp tree

net: arc_emac: fix koops caused by sk_buff free

USB: serial: io_ti: fix information leak in completion handler

USB: serial: omninet: fix reference leaks at open

pipe: add pipe_buf_get() helper

mm: add 'try_get_page()' helper function

fs: prevent page refcount overflow in pipe_buf_get

mm: make page ref count overflow check tighter and more explicit

mm, gup: ensure real head page is ref-counted when using hugepages

mm: prevent get_user_pages() from overflowing page refcount

mm: prevent get_user_pages() from overflowing page refcount

ALSA: seq: Cancel pending autoload work at unbinding device

sunrpc: use-after-free in svc_process_common

CVE-2018-16884 kpatch adaptation

use-after-free

mwifiex: Abort at too short BSS descriptor element

sctp: implement memory accounting on tx path

cfg80211/mac80211: make ieee80211_send_layer2_update a public function

mac80211: Do not send Layer 2 Update frame before authorization

kvm: fix kvm_ioctl_create_device() reference counting

KVM: nVMX: unconditionally cancel preemption timer in free_nested

KVM: x86: work around leak of uninitialized stack contents

net-gro: fix use-after-free read in napi_gro_frags()

selinux: Print 'sclass' as string when unrecognized netlink message occurs (CVE-2020-10751 dependency)

crypto: authenc - fix parsing key with misaligned rta_len

ext4: fix potential negative array index in do_split()

vgacon: Fix for missing check in scrollback handling

nl80211: fixed buffer overflow when handling beacon settings

fixed possible DoS in drivers/infiniband/hw/cxgb4/mem.c via directly calling dma_map_single() from a stack variable

btrfs: merge btrfs_find_device and find_device

can: gs_usb: gs_can_open(): prevent memory leak

ath9k_htc: release allocated buffer if timed out

blktrace: fix dereference after null check

scsi: libsas: stop discovering if oob mode is disconnected

mwifiex: Fix mem leak in mwifiex_tm_cmd

dccp: Fix memleak in __feat_register_sp

af_packet: set defaule value for tmo

net: ipv6: add net argument to ip6_dst_lookup_flow

net: ipv6: add net argument to ip6_dst_lookup_flow

nfs: Fix getxattr kernel panic and memory overflow

rbd: require global CAP_SYS_ADMIN for mapping and unmapping

mm/hugetlb: fix a race between hugetlb sysctl handlers

media: usb: siano: Fix general protection fault in smsusb

media: technisat-usb2: break out of loop at end of buffer

ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()

usb: cdc-acm: make sure a refcount is taken early enough

hdlc_ppp: add range checks in ppp_cp_parse_cr()

xc2028: avoid use after free

kexec, KEYS: kexec signature blacklist verify

netfilter: ctnetlink: add a range check for l3/l4 protonum

powercap: make attributes only readable by root

powercap: make attributes only readable by root (adaptation)

net: icmp: fix data-race in cmp_global_allow()

random32: update the net random state on interrupt and activity

random: fix circular include dependency on arm64 after addition of percpu.h

random32: remove net_rand_state from the latent entropy gcc plugin

random32: move the pseudo-random 32-bit definitions to prandom.h

mwifiex: fix possible heap overflow in mwifiex_process_country_ie()

netlabel: cope with NULL catmap

drivers: usb: core: Don't disable irqs in usb_sg_wait() during URB submit. (CVE-2020-12464 dependency)

scsi: mptfusion: Fix double fetch bug in ioctl

ext4: work around deleting a file with i_nlink == 0 safely

ext4: fix ext4_empty_dir() for directories with holes

kernel: memory corruption in Voice over IP nf_conntrack_h323 module

tty: make FONTX ioctl use the tty pointer they were actually passed

fbcon: Fix global-out-of-bounds read in fbcon_get_font()

fbcon: Fix global-out-of-bounds read in fbcon_get_font()

vt: Disable KD_FONT_OP_COPY

perf/core: Fix race in the perf_mmap_close() function

icmp: randomize the global rate limiter

sched/fair: Don't free p->numa_faults with concurrent readers

block: Fix use-after-free in blkdev_get()

target: fix XCOPY NAA identifier lookup

set ring->xenblkd to NULL explicitly

mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()

tty: core: Use correct spinlock flavor in tiocspgrp()

tty: Fix ->pgrp locking in tiocspgrp()

tty: Fix ->session locking

mwifiex: Fix possible buffer overflows in

ALSA: rawmidi: Fix racy buffer resize under concurrent accesses

ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (adaptation)

limit size of watch_events dom0 queue.

handle xenwatch_thread patching.

Xen/x86: don't bail early from clear_foreign_p2m_mapping()

Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()

Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()

Xen/gntdev: correct error checking in gntdev_map_grant_pages()

xen-blkback: don't "handle" error by BUG()

xen-netback: don't "handle" error by BUG()

xen-scsiback: don't "handle" error by BUG()

xen-blkback: fix error handling in xen_blkbk_map()

HID: hid-input: clear unmapped usages.

scsi: iscsi: Restrict sessions and handles to admin

scsi: iscsi: Verify lengths on passthrough PDUs

sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs (dependency)

scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

[PATCH] KEYS: fix keyctl_set_reqkey_keyring() to not leak thread

[PATCH] KEYS: prevent creating a different user's keyrings

media: imon: Fix null-ptr-deref in imon_probe

futex: Remove unnecessary warning from get_futex_key

scsi: sg: add sg_remove_request in sg_write

fbcon: remove soft scrollback code

fbcon: remove soft scrollback code (adaptation)

media: v4l: ioctl: Fix memory leak in video_usercopy

mwifiex: Fix skb_over_panic in mwifiex_usb_recv()

inet: use bigger hash table for IP ID generation

inet: use bigger hash table for IP ID generation (adaptation)

ext4: fix kernel infoleak via ext4_extent_header

ext4: verify dir block before splitting it

[PATCH] af_key: Do not call xfrm_probe_algs in parallel (modified for old kernels)

CVE-2022-2964 dependancy

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup

xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in

dm verity: set DM_TARGET_IMMUTABLE feature flag

dm verity: set DM_TARGET_IMMUTABLE feature flag (adaptation)

audit: fix error handling in audit_data_to_entry()

epoll: Keep a reference on files added to the check list

do_epoll_ctl(): clean the failure exits up a bit

HID: core: Sanitize event code and type when mapping input

fork: fix copy_process(CLONE_PARENT) race with the exiting

Xen/gnttab: handle p2m update errors on a per-slot basis

floppy: fix lock_fdc() signal handling

n_tty: Fix stall at n_tty_receive_char_special().

btrfs: fix race when cloning extent buffer during rewind of an old root

netfilter: x_tables: make xt_replace_table wait until old

netfilter: x_tables: Use correct memory barriers.

xen-blkback: don't leak persistent grants from xen_blkbk_map()

[net] Bluetooth: A2MP: Fix not initializing all members

dm ioctl: fix out of bounds array access when no devices

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation)

Bluetooth: Fix slab-out-of-bounds read in

media: v4l: event: Prevent freeing event subscriptions while accessed

media: v4l: event: Prevent freeing event subscriptions while accessed (adaptation)

media: v4l: event: Add subscription to list before calling

Omitting for now: Android Pixel C USB monitor driver

kobject: Export kobject_get_unless_zero()

[fs] chardev: Avoid potential use-after-free in 'chrdev_open()'

cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE

cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE (adaptation)

can: bcm: fix infoleak in struct bcm_msg_head

UBUNTU: SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu

l2tp: Correctly return -EBADF from pppol2tp_getname.

net: l2tp: Make l2tp_ip6 namespace aware

l2tp: fix race in l2tp_recv_common()

l2tp: ensure session can't get removed during

l2tp: fix duplicate session creation

l2tp: Refactor the codes with existing macros instead of literal number

l2tp: ensure sessions are freed after their PPPOL2TP socket

l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall()

l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall() (adaptation)

vgacon: remove software scrollback support (adaptation)

net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high

net/mlx4: Fix EEPROM dump support

bluetooth: eliminate the potential race condition when

seq_file: Disallow extremely large seq buffer allocations

netfilter: x_tables: fix compat match/target pad out-of-bound write

btrfs only search for left_info if there is no right_info

cfg80211: wext: avoid copying malformed SSIDs

fs/namespace.c: fix mountpoint reference counter race

HID: make arrays usage and value to be the same

sctp: validate from_addr_param return

virtio_console: Assure used length from device is limited

ext4: fix race writing to an inline_data file while its

net_sched: cls_route: remove the right filter from hashtable

vhost-net: set packet weight of tx polling to 2 * vq size

vhost_net: use packet weight for rx handler, too

vhost_net: introduce vhost_exceeds_weight()

vhost: introduce vhost_exceeds_weight()

vhost_net: fix possible infinite loop

vhost: introduce vhost_exceeds_weight() (adaptation)

mac80211: assure all fragments are encrypted

mac80211: add fragment cache to sta_info (adaptation)

mac80211: prevent mixed key and fragment cache attacks

mac80211: prevent mixed key and fragment cache attacks (adaptation)

mac80211: properly handle A-MSDUs that start with an RFC 1042

cfg80211: mitigate A-MSDU aggregation attacks

mac80211: drop A-MSDUs on old ciphers

mac80211: check defrag PN against current frame

mac80211: prevent attacks on TKIP/WEP as well

mac80211: do not accept/forward invalid EAPOL frames

mac80211: extend protection against mixed key and fragment

perf/core: Fix perf_event_open() vs. execve() race

ath9k: release allocated buffer if timed out

rtlwifi: prevent memory leak in rtl_usb_probe

l2tp: pass tunnel pointer to ->session_create()

ocfs2: subsystem.su_mutex is required while accessing the

bcache: fix potential deadlock problem in btree_gc_coalesce

bnx2x: disable GSO where gso_size is too big for hardware

net: create skb_gso_validate_mac_len()

btrfs: inode: Verify inode mode to avoid NULL pointer dereference

btrfs: fix return value mixup in btrfs_get_extent

Bluetooth: fix the erroneous flush_work() order

ovl: prevent private clone if bind mount is not allowed

fix regression in "epoll: Keep a reference on files added to the

af_unix: fix garbage collect vs MSG_PEEK

af_unix: fix garbage collect vs MSG_PEEK (adaptation)

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like

Bluetooth: Add bt_dev logging macros

Bluetooth: use constant time memory comparison for secret

Bluetooth: SMP: Fail if remote and local public keys are

vt_kdsetmode: extend console locking (CVE-2021-3753)

ovl: fix missing negative dentry check in ovl_rename()

drm/i915: Reduce locking in execlist command submission

drm/i915: Flush TLBs before releasing backing store

drm/i915: Flush TLBs before releasing backing store (kpatch adaptation)

sctp: use init_tag from inithdr for ABORT chunk

sctp: add vtag check in sctp_sf_violation

route: also update fnhe_genid when updating a route cache

ipv4: make exception cache less predictible

ipv4: avoid using shared IP generator for connected sockets

sr9700: sanity check for packet length

Bluetooth: use correct lock to prevent UAF of hdev object

hugetlbfs: flush TLBs correctly after huge_pmd_unshare

phonet: refcount leak in pep_sock_accep

pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()

btrfs: unlock newly allocated extent buffer after error

udf: Fix NULL ptr deref when converting from inline format

udf: Restore i_lenAlloc when inode expansion fails

Initialize registers to avoid stack leak into userspace.

quota: check block number when reading the block in quota

quota: correct error number in free_dqentry()

af_unix: fix races in sk_peer_pid and sk_peer_cred accesses

af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (adaptation)

Not affected without certain conditions - Secure Boot, configured kgdb/kdb. Complex adaptation

fix double dev_kfree_skb() in error path

can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in

floppy: use a statically allocated error counter

floppy: use a statically allocated error counter (kpatch adaptation)

cgroup-v1: Require capabilities to set release_agent

netfilter: nf_tables: disallow non-stateful expression in

floppy: disable FDRAWCMD by default

floppy: disable FDRAWCMD by default (adaptation)

UBUNTU: SAUCE: net_sched: cls_route: remove from list when handle is 0

mm: enforce min addr even if capable() in expand_downwards()

ip: constify ip_build_and_send_pkt() socket argument

inet: constify ip_dont_fragment() arguments

ipv4: Cache net in ip_build_and_send_pkt and ip_queue_xmit

ipv4: tcp: send zero IPID in SYNACK messages

vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console

vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (adaptation)

VT_RESIZEX: get rid of field-by-field copyin

vt: vt_ioctl: fix race in VT_RESIZEX

fbcon: Disallow setting font bigger than screen size

fuse: fix pipe buffer lifetime for direct_io

fuse: fix pipe buffer lifetime for direct_io (kpatch adaptation)

vt: drop old FONT ioctls

ipv4: igmp: guard against silly MTU values

usb: mon: make mmapped memory read only

sch_sfb: keep backlog updated with qlen

sch_sfb: Don't assume the skb is still around after enqueueing to child

sch_sfb: Also store skb len before calling child enqueue

netfilter: nf_conntrack_irc: Fix forged IP logic

r8152: Rate limit overflow messages

HID: roccat: Fix use-after-free in roccat_read()

proc: proc_skip_spaces() shouldn't think it is working on C strings

vsock: Fix memory leak in vsock_connect()

netfilter: nf_conntrack_irc: Tighten matching on DCC message

mISDN: fix use-after-free bugs in l1oip timer handlers

mISDN: fix use-after-free bugs in l1oip timer handlers (adaptation)

scsi: stex: Properly zero out the passthrough command structure

btrfs: Don't submit any btree write bio if the fs has errors

drm/ttm/nouveau: don't call tt destroy callback on alloc failure.

packet: in recvmsg msg_name return at least sizeof sockaddr_ll

net/packet: fix slab-out-of-bounds access in packet_recvmsg()

tcp/udp: Fix memory leak in ipv6_renew_options().

Bluetooth: remove unneeded variable in l2cap_stream_rx

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

Bluetooth: L2CAP: Introduce proper defines for PSM ranges

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

Bluetooth: L2CAP: Fix attempting to access uninitialized memory

wifi: brcmfmac: Fix potential buffer overflow in

USB: core: Prevent nested device-reset calls

USB: core: Prevent nested device-reset calls (adaptation)

i2c: ismt: Fix an out-of-bounds bug in ismt_access()

drivers: net: slip: fix NPD bug in sl_tx_timeout()

Bluetooth: L2CAP: Fix u8 overflow

net: sched: atm: dont intepret cls results when asked to drop

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

mm/mincore.c: make mincore() more conservative

HID: check empty report_list in hid_validate_values()

netfilter: nf_tables: fix null deref due to zeroed list head

sctp: fail if no bound addresses can be used for a given scope

media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors

prlimit: do_prlimit needs to have a speculation check

prlimit: do_prlimit needs to have a speculation check

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

xirc2ps_cs: Fix use after free bug in xirc2ps_detach

net: sched: cbq: dont intepret cls results when asked to drop

media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()

scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

nvme: restrict management ioctls to admin

N/A